More and more transactions are conducted by consumers using their mobile devices, such as cellphones or smartphones. An easily understood and common example of a transaction is a payment transaction (or purchase transaction), and it is important for the user and/or the consumer and/or the cardholder (holder of a payment card account) and/or the consumer mobile device involved in such transactions to be authenticated or validated.
A common authentication method requires the user or consumer to input a username and a preset personal identification number (“PIN”) or the like. For example, in order to purchase an item or service with a mobile device, a cardholder may be prompted to select a payment account, provide a username, and provide a mobile device PIN. In an attempt to improve security and prevent fraud, some consumer verification methods (CVMs) require consumers to provide additional authentication credentials (sometimes referred to as “multi-factor” authentication), such as biometric identification data like fingerprint data and/or iris scan data. Because many authentication processes rely on locally stored data, security data and/or financial data (such as the consumer's PIN, biometric identification data and credit card data) are commonly stored in a memory element or storage device of the user's mobile device, which in many cases does not include any secure hardware components. Such regular memory elements and/or storage devices are vulnerable to attack by hackers.
It would therefore be desirable to provide methods for securely storing sensitive data on a user's mobile device in a manner that prevents hacker attacks (such as reverse engineering attacks) and/or prevents tampering, especially for mobile devices that do not include a secure hardware component.